Using FreeRadius to coordinate access to cisco routers based on time
Frank Cui
ycui at outlook.com
Thu May 22 22:17:18 CEST 2014
Hi Radius People,
I'm a new user on FreeRadius and recently considering using FreeRadius version 2 in our environment.
Basically we are an education/training environment where we have some students accessing the routers and switches for practise, terminal server are used to consolidate the console access, and these terminal servers authenticate the users through a Radius server (as shown in the following figure). Additionally, the students are categorized into few groups. We want to implement policy on the radius server so that only a certain group can access the pod in a given duration of time (the user should be dropped from the terminal when the subscribed time is reached and cannot access thereafter .)
+++++++++++++++ +++++++++++++++ ++++++++++++++ User +++++++++++++++++++++ Cisco 2600 +++++++++++++++++++ Network ++ + + Terminal Serv + + Devices ++++++++++++++++ +++++++++++++++ +++++++++++++ (NAS) + + +++++++++++++++ + FreeRadius + +++++++++++++++
Right now I'm able to do the "hello-world" setup with the following users and clients.conf. On the terminal server side, aaa new-model is enabled on the cisco terminal server to communicate with this radius server.
users=============cisco Auth-Type := System Service-Type = NAS-Prompt-User, cisco-avpair = "shell:priv-lvl=15"
clients.conf==============client 192.168.1.1 { secret = SECRET_KEY shortname = termserver nastype = cisco}
A typical transaction would be :
Access-Request======= NAS-IP-Address = 192.168.1.1 NAS-Port = 35 NAS-Port-Type = Async User-Name = "cisco" Calling-Station-Id = "1.1.1.1" User-Password = "cisco"
Access-Accept======= Service-Type = NAS-Prompt-User Cisco-AVPair = "shell:priv-lvl=15"
However, this doesn't really provide any timing or grouping policy. Could you please provide some hints on how typically the timing limits are enforced with the freeradius and cisco terminal server?
Thanks a lot in advance.
ThanksFrank
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140522/64277779/attachment.html>
More information about the Freeradius-Users
mailing list